Despite popular belief, managed care is not fraud-proof. Every $1 that health plans spend to set up special investigation units could result in $7 recovered.

Senior Editor

When the 1,392-count indictment against Richard G. Paolino, DO, was first read in August 2001, the huge press conference featured a host of Bucks County, Pa., district attorneys, municipal health officials, state law enforcement officers, and postal inspectors. Also in attendance was Ed Litchko, director of corporate and financial investigations at Independence Blue Cross (IBC).

"I was there," says Litchko simply.

He was there, all right. If ever there was a visible sign that managed care, an industry once complacent in the belief that it was fraud-proof, is beginning to wake up and do battle against the very small minority of physicians who commit crime, this press conference was it. And, that was just the beginning. Thanks in part to Litchko, Paolino, a Bensalem, Pa., physician, was sent to prison on June 20 for prescribing OxyContin while practicing medicine without a license.

Not an easy case

Though what Paolino was doing now seems blatant, Litchko — who, before going to Independence Blue Cross, worked for 28 years in the criminal investigation division at the Internal Revenue Service — says it was not an easy case. "There were two other doctors involved, and if one of them hadn't ultimately agreed to cooperate... let's just say that the investigation certainly moved along to closure much quicker with one of them cooperating," says Litchko. (For a look at how computer technology aided the investigation, see "Right Software Can Help Track Down Fraud.")

Paolino was convicted of illegal delivery of controlled substances, practicing without a license, conspiracy, and more than 100 counts of insurance fraud. Barring a successful appeal, he will spend the next 30 years in jail.

"There were, in fact, medical claims, as well as pharmaceutical claims, involved," says Litchko. "Our investigation focused on the period between Oct. 31, 2000 and April 30, 2001, during which time we received medical claims from Paolino, who had continued to see patients after his medical license was suspended — for allowing his medical liability insurance to lapse — and eventually revoked."

During that period, IBC received pharmaceutical claims, many for OxyContin, that Paolino continued to write.

"Those claims were submitted by pharmacists to Medco, and then to us," says Litchko. "We paid the claims to Medco, and Medco paid the pharmacists. Because Paolino had illegally written the prescriptions that ultimately caused us to pay on bad claims, he was charged with defrauding IBC."

Though extraordinary in many respects, the Paolino case dovetails with what typically happens in managed care fraud: A physician decides to cheat the system.

"Fraud is out-and-out stealing," says Bill Mahon, executive director of the National Health Care Anti-Fraud Association, dismissing the notion that what looks like fraud might simply be the result of a physician's clinical judgment. "You know there's not a whole lot of judgment when you submit claims for things you never did, or when you saw a patient for a brief office visit but you billed it for a new-patient extended office visit. Those aren't gray areas."

Litchko agrees. "One of the schemes sometimes employed is that a provider will send in claims to a managed care company," he says. "If they're rejected, he'll resubmit them by altering them slightly and if they get rejected again, he'll resubmit them again. This practice continues until he finds the Achilles heal of our claims processing system." (How can physicians ensure that their staffs don't commit fraud by accident? See "Steering Clear of Fraud Charges.")

Caught off guard

Health plans, some contend, have been slow to pick up on these tricks.

"One of the great myths of the mid-'90s — and you still find remnants of it today — is that managed care is free of fraud by its nature," says Mahon. "'It's all capitated. It's controlled. There's no more means, no more opportunity for providers to commit fraud.' But when you look at the reality of how the money changes hands, there are still plenty of opportunities for the small fraction who are dishonest to do what they always did."

It adds up, says Mahon. "You just look at the scope of some of the cases. Say there are a million health care providers in the country, and you assume a small fraction are dishonest — say 2 percent. That would be 20,000 providers." (For a look at what health insurers consider to be the transactions in which fraud is most likely to occur, see box below.)

Thomas Brennan, director of Highmark's special investigation unit, stresses that insurers aren't the only ones cheated.

"Take a look at some things we've seen in oncology," says Brennan. "You get individuals who are undertreating or overtreating patients. Now, that severely affects the quality of care that's afforded to that patient. When it comes to radiating the individual, the doses he may be receiving suggest that he may not be receiving the dosages that he should be. Or, he may be receiving too much."

In other words, it's not just about the money. There's a real human toll.

"Enrollees often don't realize that they may have limitations on their benefits," says Brennan. "They may have a lifetime max of $500,000. So, if $30,000, or $40,000, or $50,000 of that is siphoned off by a fraudster, there may be a point where the enrollee might need those benefits and they won't be there."

Yet, despite the high-profile success generated by Brennan and Litchko, there's still some doubt as to whether the managed care industry has its heart in this fight.

For the prosecution

James G. Sheehan, associate U.S. attorney for civil programs for the Eastern District of Pennsylvania, has garnered a national reputation and headlines by going after HMOs, PBMs, and other health care players. As surprised as some industry officials may be to hear it, Sheehan fights fraud wherever he sees it — including that perpetrated against HMOs. But to battle crime, the victim has to cooperate and, so far, HMOs have reported very little fraud to Sheehan's office.

"There are frauds that I think present significant problems for HMOs because of the question of where they're going to end up," says Sheehan. "For example, credentialing issues. You have a doctor misrepresent his credentials and somebody finds out about it before it's publicly disclosed. What do you do next? If you do disclose it, if you tell us, and we go prosecute that person, then all your patients and customers say, 'Why did you have this guy in your network and what about all the services that he allegedly rendered which weren't services?'"

Mohit Ghose, a spokesman for the American Association of Health Plans, counters by saying that HMOs are doing the best they can to live up to fiduciary responsibilities in a statutory environment that often interferes with efforts to prevent fraud.

"Look at the state laws that require health plans to pay claims that they haven't even had a chance to look at properly, or the state attorney generals who fine plans because they missed their 100-percent compliance rate for paying claims on time," says Ghose. "Those types of things detract from plans' efforts to make sure that they're paying the right people for the right benefit. I'm not saying that is an excuse, but there has been a lot of movement on the state level, for example, where you look at the attorneys general slapping fines on health plans. Whether it's political or not, we don't know. The fact is that in many states, laws mandate 100 percent payment of claims, regardless of when those claims are submitted.

Ghose says the claims need to be paid within the stipulated period, whether it's 30 days or 45 days — but that's not often feasible.

"For instance, a claim can sit in a physician's office until Day 20, but the plan is still responsible for paying that claim by Day 30," he says.

In addition, says Mahon, whether the HMOs' special investigation units should report fraud that they've uncovered to law enforcement agencies is an irrelevant point.

"In about 48 states, the law requires that an insurance company report incidents of suspected insurance fraud to state authorities," says Mahon. "Typically, you report it to the insurance fraud bureau or, if there isn't one, to the state insurance department. It's not an option in those states. You're required to report suspected fraud."

He adds that this does not contradict Sheehan's assertion that HMOs aren't aggressive in reporting fraud.

"There's quite a gulf between what's required and what is actually happening out there," Mahon admits. "A lot of HMOs, I think, aren't reporting suspected fraud either in ignorance of the requirement that they do so, or because they just don't have the capacity to detect and identify it, let alone report it."

But those HMOs that do report it can pursue cases even further.

"You've met your state insurance fraud reporting obligation, but what do you do now?" says Mahon. "Are you going to refer the case to the FBI or the Postal Inspection Service? You're still going to take some action on that case, presumably. What action you take varies according to the case. In some cases you're going to make a criminal referral for investigation by the FBI. In other cases you might file your own civil suit against the provider. In a lot of the cases, you're going to go to the provider with the evidence and say, 'We know you're stealing from us; here's the evidence to back it up. We want our money back. And we're going to bounce you out of the network, by the way.'"

Getting started

Setting up special investigation units within health plans, and giving them the operating budget to make them effective can be a hindrance, especially for smaller HMOs. You need a staff that's familiar with both law enforcement and medicine, for one thing, and a computer system that can handle the modern gumshoe work.

Despite these obstacles, fighting fraud is well worth the effort, says Highmark's Brennan. "The dollars recovered to dollars spent ratio can be 7 to 1."

Highmark's antifraud efforts in 2001 and the first quarter of 2002 resulted in 33 indictments and 33 convictions, as well as the recovery of $3.4 million. During the last 18 months, Independence Blue Cross's antifraud efforts led to 23 indictments, 14 convictions, and the recovery of $11.4 million.

Brennan, a former Pennsylvania state police officer and a former analyst in the FBI's behavioral science unit, adds that top management must be willing to make a significant investment, philosophical as well as financial, for antifraud efforts to be successful. "You have to have the support of senior HMO officials," says Brennan.

The CEO and president of Independence Blue Cross, G. Fred DiBona Jr., brought Litchko in to run that plan's antifraud department in 2000.

"The unit was small, struggling," recalls Litchko. "But Fred DiBona had an interest in making sure IBC and all of its subsidiaries, policyholders, and members were protected from fraud and abuse. He needed somebody with law enforcement experience who knew about white-collar crime, had some contacts, had held management positions in the past and could come in, reorganize, and make recommendations for the expansion. Just to show you the significance in how Fred DiBona feels about potential fraud and abuse — I report directly to him. That's unusual for a managed care company. My position would fall someplace else in the corporate structure. But the fact that I've got the president's ear shows you how much he supports this program."

As a result, Independence Blue Cross can go after criminals like a bulldog, claims Litchko.

"When we refer a case to a law enforcement authority, again either federal or state or local, it may decline the case," says Litchko. "There may be a reason why. Maybe they don't have the resources to litigate it. We pursue it civilly. We brought civil RICO [Racketeer Influenced and Corrupt Organizations] charges against people in the past who owed us dollars. We're not going to walk away from those types of cases.

"In fact, even when the federal, state, or local authorities are finished, meaning maybe they do indict, prosecute, and the individuals get sentenced by the court, we still pursue to recover the dollar loses. We want to protect our policyholders as much as we possibly can and keep the spiraling costs of health care down as much as we can."

Fraud, like a lot of crime, follows the rules of supply and demand. For instance, the OxyContin prescribed as a "medical necessity" by Paolino made its way to addicts on Philadelphia street corners. Dishonest providers are always looking for a "customer base."

The biggest recent trend in managed care fraud, says Mahon, is attempts to have HMOs pay for cosmetic surgery.

Most experts believe that small health plans have the most difficulty combating fraud. Brennan is a big advocate of sharing information as one way to help those HMOs.

"If Highmark's being affected by aberrant behavior on the part of some particular provider, you can bet your life that he's not doing it only to Highmark," says Brennan. "The bigger plan can tell the smaller plan, 'Hey, this is the type of scheme that we're seeing. This is the type of behavior that we're observing. Go out. Check your systems and see if you're seeing the same thing.'"

Prominent roles

Society is beginning to demand such watchfulness.

"States are saying to HMOs that whatever your historical posture, you can't put your feet up and say, 'Fraud happens. Somebody is always going to try to defraud us because we're an HMO. We're an insurance company. Just the way of the world,'" says Mahon.

Sheehan, the federal prosecutor, says that the dialogue going on within HMOs may be even more important. "I think that the special investigation units are wrestling with how to show that they add value to an organization, and I don't think that they've yet persuaded senior management in some companies about what they need to do."

Senior management, some industry watchers contend, is starting to come around. Says Mahon: "You know, antifraud efforts have come out of the dark corners of the company, where they were sort of hidden away, to where they occupy — in many cases — a very prominent role in the company's strategic endeavors."

Right software can help track down fraud

Ed Litchko, the director of the corporate and financial investigations department at Independence Blue Cross, says that computer technology is a vitally important weapon against fraud. It is the Stars data-mining tool, manufactured by Vips, that has helped his health plan recover $11.4 million during the last 18 months when it stepped up its antifraud efforts.

"Thanks to that data-mining tool, we have access to all of our paid claims, both pharmaceutical as well as medical," says Litchko.

One of the more noteworthy cases Litchko helped to crack involved the arrest and conviction of Richard G. Paolino, DO, who prescribed the painkiller OxyContin even after his license had expired. As the Philadelphia Inquirer put it, Paolino "trafficked in OxyContin to ease the pain of bankruptcy."

New technology continues to help Litchko and his staff get a jump on criminals.

"Prior to Stars, the department reacted to allegations and had to go to all of our various claims processing computer systems, which was very laborious," says Litchko. "We'd be trying to determine whether Provider A did, in fact, have the volume of claims that he got paid for. We use Stars to identify trends, patterns, and potential fraudulent or abusive billing practices.

"When allegations are made, we can look at them and determine whether or not they concern a provider who is in our network and has been there for a number of years. We can see things like: Are there certain procedural codes that we're getting billed for?"

The antifraud technology can be expensive, warns Thomas Brennan, director of Highmark's special investigation unit. "For example, a very good fraud management computer system could cost $2.5 million and then $300,000 per year to maintain," says Brennan. "We have several extensive in-house systems that we are using. We are currently evaluating the Stars system for our own use here."

How physicians can steer clear of fraud charges

Jeffrey J. Denning

If you're trying to cheat payers and patients, you know who you are. What follows is not for you. For the rest of physicians, it's actually pretty easy to keep out of legal hot water. Your mama gave you all the advice you need on this subject: Obey the law and tell the truth.

Telling the truth on an insurance claim form is a bit like taking a multiple-choice test: You pick the best available description of the service from an array of numbered descriptions of what was done (CPT codes) and why you did it (ICD-9 diagnosis codes). That doesn't mean that a single code or combination of codes is perfect, and you don't have to report perfectly to stay out of trouble. You do have to make an effort to disclose all the material facts — what you did and why you did it.

Points to cover

Physicians need to do their homework and keep up with changes in the laws and trade customs of the health care payment process. But if you're a member of your state and specialty medical societies and read their publications, you very likely have nearly everything you need to keep current.

Step 1: Add some language to your employee handbook about the practice's intention to be in compliance with all rules and regulations and your requirement of employees to tell you if they see infractions of regulations. Review this section (and the rest of your employee handbook) with every new employee as part of his or her basic indoctrination on the first day of employment.

Step 2: It's not enough just to edit your written policies. You need to discuss these issues on the record with the full staff. Go over the employee handbook revisions. Ask your staff for ways to improve procedures. Make it plain that you are serious about obeying the letter and spirit of the laws — all of them. To make this work, you must give everyone the following promise of safety: "No employee will ever get in trouble bringing me bad news or raising an ethical issue in this practice. And if you ever try to keep bad news from me or cover it up, you won't be serving me or the practice well."

And for the doctors and other providers in the group, cover these additional points:

All physicians are responsible for reporting accurate claims based on the care delivered.

At a minimum, instruct staff members that they should not change any codes without your authorization and initials. If they feel a code is incorrect after reading an operative note or office progress note, they should bring it to you for authorization. This goes double if your billing office does some of the coding. Before claims are submitted, each physician should sign off on the accuracy of the codes chosen for him or her. If an employee still thinks the codes are overstated, he or she should go to someone in authority to report the problem. In any event, do not allow any employee to think that it is acceptable to use improper coding, ever.

No one in the office is permitted to accept anything of value from anyone who could benefit from a referral.

We didn't need Pete Stark to tell us that taking or giving kickbacks is wrong. It has been against state law in every state for 50 or more years. Make it clear to your employees and colleagues that even the appearance of impropriety can be highly damaging to the practice. Require that your employees report anything they think could reflect badly on the practice.

Reporting channels

In large practices, employees should report problems to the administrator who is responsible for investigation and discussion with the physicians. In small offices, the physician involved should be contacted directly. In a solo practice, instruct employees to report the problem to a supervisor, the manager, or the practice's lawyer if they feel uncomfortable taking it to the doctor directly.

Underlying merits

All physicians can comply with the laws and regulations easily if they commit themselves to the underlying merits of the rules. It is probably pretty remote that you will need to defend yourself in one of these compliance situations. But that doesn't mean you shouldn't do what you can to ensure that the defense is easy.

Jeffrey J. Denning is a practice management consultant and principal at Practice Performance Group in La Jolla, Calif. (www.PPGConsulting.com). He can be reached at (800) 452-1768.

'A huge amount of money'

As much as $45 billion a year may be lost to health care fraud, according to Bill Mahon, the executive director of the National Health Care Anti-Fraud Association. The number is derived from the assumption, shared by most antifraud experts, that at least 3 percent of this year's $1.3 trillion expenditure for health care was lost to fraud. "That's a huge amount," says Mahon.

The NHCAA, the Health Insurance Association of America, and the Blue Cross and Blue Shield Association surveyed 58 private health insurers in 1999 to find out where they thought fraud occurred.

Note: Numbers do not add to 100 percent because companies choose as many categories as they want.